package com.jijuxie.framework.security;

import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class SaTokenConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册 Sa-Token 拦截器，定义详细认证规则
        registry.addInterceptor(new SaInterceptor(handler -> {
            // 指定一些路径无需认证
            SaRouter.match("/**")
                    .notMatch(
                        // 登录相关接口
                        "/auth/login", "/auth/register", "/captcha",
                        // 经纪人公共接口
                        "/agent/publiclist", "/agent/*", "/agent/list", "/agent/test", 
                        // 文件上传和访问接口
                        "/api/file/upload", "/api/file/upload-cover", "/api/file/upload-listing", 
                        "/api/file/batch-upload", "/api/file/delete", "/api/house/add",
                        // 测试接口
                        "/test/**",
                        // 静态资源
                        "/static/**", "/profile/**",
                        // Swagger相关
                        "/doc.html", "/webjars/**", "/v3/api-docs/**"
                    )
                    .check(r -> {
                        // 检查是否登录
                        StpUtil.checkLogin();
                        
                        // TODO: 根据需要添加更细粒度的权限控制
                        // 例如：检查角色权限
                        // if (StpUtil.hasRole("admin")) {
                        //     // 只有管理员可以访问
                        // }
                    });
        })).addPathPatterns("/**");
    }
}
